Proving and explaining the unfeasibility of Message Sequence Charts for hybrid systems

Networks of Hybrid Automata (HA) are a clean modelling framework for complex systems with both discrete and continuous dynamics. Message Sequence Charts (MSCs) are a consolidated language for describing desired behaviors of a network of interacting components. Existing techniques for analyzing the feasibility of an MSC over a given HA network are based on specialized bounded model checking, and focus on efficiently constructing traces of the network that witness the MSC behavior. Unfortunately, these techniques cannot deal with the "unfeasibility" of an MSC, i.e., the case where no trace of the network satisfies it. In this paper, we tackle the problem of MSC unfeasibility: first, we propose specialized techniques to prove that an MSC cannot be satisfied by any trace of a given HA network; second, we show how to explain why an MSC is unfeasible. The approach is cast in an SMT-based verification framework with a local time semantics, in which each automaton in the network keeps its own timescale and the timescales are synchronized only on shared events. To prove unfeasibility, we generalize k-induction to the structure of the MSC, so that the simple path condition is localized to each fragment of the MSC. Explanations are given as formulas over the variables representing the time points of the MSC events, and are generated by unsatisfiable core extraction and interpolation. An experimental evaluation demonstrates the effectiveness of the approach in proving unfeasibility and the adequacy of the automatically generated explanations.
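The following is an added example, not code or a scenario from the paper, that shows the constraint-level idea behind "unfeasibility with an explanation over event time points". It stands in for the paper's SMT-based k-induction with something much simpler: once every requirement on the time points of the MSC events (lifeline order, the two ends of a message sharing one time under the local time semantics, an MSC deadline, a dwell time forced by a component's dynamics) is written as a difference bound t[v] - t[u] <= c, the system is unsatisfiable exactly when its constraint graph has a negative cycle, and the constraints on a simple negative cycle are a minimal unsatisfiable core. The client/server network, the event names, the deadline of 5 and the server dwell time are all constructed for this illustration; in the paper the dwell would come from the hybrid automaton's flows and invariants, not from a hand-written bound.

```python
"""Added example: prove a timed MSC unfeasible and explain why (difference bounds).

Each constraint (u, v, c, label) encodes t[v] - t[u] <= c. Bellman-Ford from a
virtual source finds either a satisfying schedule (a witness) or a negative cycle
in the constraint graph; the constraints on that cycle are an unsat core, i.e. an
explanation phrased over the event time points. Constructed scenario, not from the paper.
"""
from typing import Dict, List, Optional, Tuple

Constraint = Tuple[str, str, float, str]  # (u, v, c, label): t[v] - t[u] <= c


def le(u: str, v: str, c: float, label: str) -> Constraint:
    """t[v] - t[u] <= c"""
    return (u, v, c, label)


def ge(u: str, v: str, c: float, label: str) -> Constraint:
    """t[v] - t[u] >= c, i.e. t[u] - t[v] <= -c"""
    return (v, u, -c, label)


def sync(a: str, b: str, label: str) -> List[Constraint]:
    """Local-time semantics: a shared event has a single time on both lifelines."""
    return [le(a, b, 0, label), le(b, a, 0, label)]


def _pred_cycle(pred: Dict[str, Optional[Constraint]], start: str) -> Optional[List[Constraint]]:
    """Walk predecessor links from `start`; return the cycle they close, if any."""
    seen: List[str] = []
    cur: Optional[str] = start
    while cur is not None and cur not in seen:
        seen.append(cur)
        cur = pred[cur][0] if pred[cur] is not None else None
    if cur is None:
        return None
    cycle, x = [], cur
    while True:
        con = pred[x]
        cycle.append(con)
        x = con[0]
        if x == cur:
            return cycle


def check(constraints: List[Constraint]):
    """Return (schedule, None) when feasible, or (None, core) when unfeasible.

    Any cycle in the predecessor graph of Bellman-Ford is a negative cycle of the
    constraint graph, so the constraints on it are inconsistent on their own.
    """
    nodes = sorted({x for u, v, _, _ in constraints for x in (u, v)})
    dist = {n: 0.0 for n in nodes}           # virtual source: every t starts at 0
    pred: Dict[str, Optional[Constraint]] = {n: None for n in nodes}
    for _ in range(2 * len(nodes)):          # n passes suffice; 2n is a safety margin
        last = None
        for con in constraints:
            u, v, c, _ = con
            if dist[u] + c < dist[v]:
                dist[v] = dist[u] + c
                pred[v] = con
                last = v
        if last is None:                     # fixpoint: dist satisfies every bound
            base = min(dist.values())
            return {n: dist[n] - base for n in nodes}, None
        core = _pred_cycle(pred, last)
        if core is not None:
            return None, core
    raise RuntimeError("relaxation without a predecessor cycle; should not happen")


def explain(core: List[Constraint]) -> List[str]:
    """Render the unsat core as formulas over the event time points."""
    return [f"t[{v}] - t[{u}] <= {c:g}   ({label})" for u, v, c, label in core]


def scenario(server_dwell: float) -> List[Constraint]:
    """Constructed MSC: client C sends req to server S, S answers with resp."""
    return [
        ge("C.snd_req", "C.rcv_resp", 0, "C lifeline order"),
        ge("S.rcv_req", "S.snd_resp", 0, "S lifeline order"),
        *sync("C.snd_req", "S.rcv_req", "req is a shared event"),
        *sync("S.snd_resp", "C.rcv_resp", "resp is a shared event"),
        le("C.snd_req", "C.rcv_resp", 5, "MSC: resp within 5 of req"),
        ge("S.rcv_req", "S.snd_resp", server_dwell, "S dynamics: processing takes >= dwell"),
    ]


if __name__ == "__main__":
    _, core = check(scenario(server_dwell=7))   # deadline 5 vs dwell 7: unfeasible
    print("dwell 7:", "feasible" if core is None else "UNFEASIBLE, because:")
    for line in explain(core or []):
        print("   ", line)
    sched, _ = check(scenario(server_dwell=3))  # dwell 3: a witness schedule exists
    print("dwell 3 witness:", sched)
```

With a dwell of 7 the returned core contains exactly the deadline, the dwell bound and the two synchronization constraints that tie the client's time points to the server's; the two lifeline-order constraints are not part of the explanation, which is what one wants from a minimal core. With a dwell of 3 the same function returns a schedule in which every event time satisfies every bound, the constraint-level analogue of a witness trace.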
